A computer network is a collection of two or more computing nodes, which are communicatively coupled via a transmission medium and utilized for transmitting information. Most networks adhere to the layered approach provided by the open systems interconnect (OSI) reference model. The OSI reference provides a seven (7) layer approach, which includes an application layer, (Layer 7), a presentation layer (layer 6), a session layer (Layer 5), a transport layer (Layer 4), a network layer (Layer 3), a data link layer (Layer 2) and a physical layer (Layer 1). Layer 7 through layer 5 inclusive may comprise upper layer protocols, while layer 4 through layer 1 may comprise lower layer protocols. Some networks may utilize only a subset of 7 layers. For example, the TCP/IP model, or Internet Reference model generally utilizes a fiver layer model, which comprises an application layer, (Layer 7), a transport layer (Layer 4), a network layer (Layer 3), a data link layer (Layer 2) and a physical layer (Layer 1). These five layers can be broken down into a fairly specific set of responsibilities or services, which they provide.
Layer 7, the application layer, is typically responsible for supporting network applications such as web browsers and email clients, and is typically implemented in software in end systems such as personal computers and servers. Typical layer 5 protocols comprise HTTP to support the World Wide Web, and SMTP to support electronic mail.
Layer 6, the presentation layer, is typically responsible for masking any differences in data formats that may occur between dissimilar or disparate systems. The presentation layer specifies architecture independent data transfer formats and may enable encoding, decoding, encryption, decryption, compression and/or decompression of data.
Layer 5, the session layer, is typically responsible for managing user session dialogues. In this regard, the session layer may be enabled to control establishment and/or termination of logical links between users. The session layer may also be enabled to provide handling and reporting of upper layer errors.
Layer 4, the transport layer, is typically responsible for passing application layer messages between the client and server sides of an application. In this regard, the transport layer may be enabled to manage end-to-end delivery of messages in the network. The transport layer may comprise various error recovery and/or flow control mechanisms, which may provide reliable delivery of messages. By far the two most common Layer 4 protocols are transmission control protocol (TCP) and user datagram protocol (UDP), which are used in the Internet.
Layer 3, the network layer, is typically responsible for determining how data may be transferred between network devices. Data may be routed according to unique network addresses. In this regard, the network layer may route, for example, datagrams between end systems. Internet Protocol (IP), for example, defines the form and content of the datagrams and is implemented in Layer 3 in combination with any number of routing protocols which may be implemented in the various nodes (devices such as bridges and routers) along a datagram's path from one end system to another.
Layer 2, the data link layer, is typically responsible for moving a packet of data from one node to another. The data link layer defines various procedures and mechanisms for operating communication links and may enable, for example, the framing of packets within the network. The data link layer may enable detection and/or correction of packet errors. The Ethernet (IEEE 802.3) protocol is one common link layer protocol that is used in modern computer networks.
Layer 1, the physical layer, is typically responsible for defining the physical means, which may comprise optical, electrical and/or mechanical means for communicating data via network devices over a communication medium. The converting the bit stream from Layer 2 into a series of physical signals for transmission over a medium. Layer 2 technologies such as Ethernet may implement a number of Layer 1 protocols depending on whether the signal is to be transmitted over twisted-pair cabling or over-the-air for example.
As computer networks are increasingly relied upon for providing reliable and secure transmission of sensitive data between hosts, the types of security features and number of security features in network equipment has increased in an effort to provide the desired security and reliability.
The reliability and security of a network may take many forms. However, one pervasive threat to network reliability and security is the spread of malware into a network. Malware is a computer program or code written with the intention of infiltrating and/or damaging an end system such as a personal computer or a server. Particularly harmful to computer networks is malware known as a worm. Worms are self-replicating, often malicious, programs that spread from end-system to end-system in a computer network. In many instances a worm will replicate and spread as quickly as possible with the goal of infecting as many end-systems as possible.
Traditionally security features operating at the Layers 3, 4, and 5 described above, have had limited success stopping the spread of malware in computer networks. Furthermore, conventional approaches for improving network reliability and network security are often time and/or CPU intensive and often leave networks vulnerable at the lower layers.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.